SCO braces for MyDoom onslaught

The SCO Group is readying itself for a massive attack that is expected to begin hitting its Web site this weekend, courtesy of the fast-spreading MyDoom virus.

The company was reluctant to discuss specific details of its plans, but spokesman Blake Stowell said on Friday that it is preparing for the onslaught of traffic that the virus is projected to generate. The company hopes to keep its regular Web site running but has contingency plans in place, he said.

"I think people will see some creative thinking on our part, on how we address this," Stowell said. The company has already offered a $250,000 bounty for information leading to the arrest and conviction of those responsible for unleashing the virus.

MyDoom is designed to force infected PCs to send data to the SCO Group's Web server between Feb. 1 and Feb. 12. SCO has drawn the wrath of the Linux community over claims that key pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

A variant of the MyDoom worm is also programmed to attack Microsoft's main Web site. In a statement, the Redmond, Wash., software company said it is aware that its sites are targets of a denial-of-service attack from a variant of the virus, MyDoom.B.

"While Microsoft is unable to discuss the specific remedies it is taking to prevent the reported (denial-of-service) attack, we are doing everything we can to ensure that Microsoft properties remain fully available to our customers," the company said in a statement Friday. "Microsoft is aggressively working with our Virus Information Alliance partners to help protect customers from this outbreak."

E-mail screening company MessageLabs said on Friday that while MyDoom wasn't spreading as fast as it had been midweek, it is still setting records. The company has intercepted nearly 9 million messages infected with the virus since Monday, and the infection rate has averaged about one in every 15 messages. That is below MyDoom's peak rate of one in 12 and in line with the previous record holder, the Sobig virus.

"Let there be no doubt that the Trojan component of MyDoom.A is creating an entirely new network of compromised machines that hackers, and likely spammers, will be able to remotely control," Mark Sunner, chief technology officer of MessageLabs, said in a statement.

Antivirus firm Kaspersky Labs said there is an 80 percent chance that MyDoom is of Russian origin, according to an AFP report.